Solved

/32 network route

Posted on 2014-02-01
Last Modified: 2014-02-06
Hello

I have an odd situation: in our private network, our supplier at our request has set up a couple of /32 network routes.
i.e. 10.1.1.0/24 is the LAN network, we have 2 hosts with fixed IPs that we needed to move to another site. To accommodate this move without changing IPs on the moved hosts our private network supplier created 2x /32 routes 10.1.1.97/32 and 10.1.1.150/32. This worked a treat.

My puzzling issue is, I have servers in the 10.1.1.0/24 network that are learning the routes for 10.1.1.97 and 10.1.1.150. I cannot determine how they are learning these routes. On the 10.1.1.0/24 network only some clients needed to learn the new /32 routes, this was done by DHCP and option 121.

On the servers which remained on site:
There is no static route entry on these server hosts pointing to the /32 for 97 & 150.
I believe proxy arp is not configured on the gateway Cisco routers, also there are 4 hops between the 10.1.1.0/24 LAN and the new network that 97 & 150 are routed to, so proxy arp should not work anyway as the destination network is not directly attached to the LAN router.

arp -a shows the MAC address of the gateway router, same as default gateway, for 97 & 150.
Deleting arp for 97 & 150 immediately relearns same arp entry.

The /32 routes were required for an urgent application migration from a remote site to a data centre where over 250 client connections were configured using static IP, we did not have time to update clients until after the migration.

Any assistance is appreciated.
Question by: hairylots

14 Comments
 
Accepted Solution by: pergr (LVL 17), earned 500 total points
If the servers have no route in their routing table, then they are not learning the /32 routes.

However, they do have ARP records, so it should be either static ARP records on the servers, or that the default gw is doing proxy arp for those /32.

Expert Comment by: arnold (LVL 76)
10.1.1.97/32 and 10.1.1.93/32 are within the 10.1.1.0/24  

There is nothing to learn.

The /32 might be only a reference within a VPN configuration while the actual network settings on the system have /24.

i.e. VPN allows the connecting users access to the two servers only.

Expert Comment by: pergr (LVL 17)
One way to implement it would have been static /32 routes towards the gateway (which would have been used as a longer match than the /24).

Another way is to use ARP, either static ARP on the servers, or proxy ARP on the gateway.

Expert Comment by: Michael Ortega (Internetwerx, Inc.) (LVL 16)
Are you saying that 10.1.1.97 and 10.1.1.150 are on a separate LAN segment not connected to the 10.1.1.0/24 network? If they are not on the same LAN segment they would simply not be accessible unless you were doing something interesting with NAT and the router was translating those host addresses to a different IP on a separate LAN segment.

Can you clarify where the hosts are sitting logically? On the same LAN segment as the 10.1.1.0/24 or a different LAN segment? If they are on a different LAN segment what are their LAN IP addresses?

MO

Expert Comment by: pergr (LVL 17)
mgortega is wrong.
IP routing is about longest prefix matching.

Expert Comment by: arnold (LVL 76)
Depending on the context, some have the /32 before the /24.
Others will match the /24 as it includes the /32.

Computer routing will match the /32 before the /24.

Author Comment by: hairylots
Hello All

Thanks for responding.

pergr: The servers do not have a /32 route, the arp entry is listed as dynamic. My understanding for proxy arp to work on the router both LANs must be connected to the same router. i.e. eth0 has 10.1.1.0/24, eth1 has 10.1.2.0/24, if 10.1.1.97 host was moved to physical LAN on eth1 but retained 10.1.1.97 then proxy arp would work. Note with our config there are actually 3 layer 3 networks between 10.1.1.0/24 and where 10.1.1.97 has been moved to.
In a Cisco C2900-UNIVERSALK9-M what would I see in the config if proxy arp was configured?

Arnold: the /32 route must be learnt or configured on the server as they need to know if destination host is on-net (local and arp for mac) or off-net (frame for gateway).

mgortega:
Yes, 97 and 150 are on a physical LAN that is separate to 10.1.1.0/24, there are 4 WAN layer 3 segments between 10.1.1.0/24 and the new physical LAN where 97 & 150 are located. They are accessible using /32 routing. Note this WAN / LAN is a private managed network, not on the internet, the smallest route permissible on Internet is a /24, /32 work perfectly well and are permissible on private networks.
The path between hosts 10.1.1.0/24 and destinations 10.1.1.97 & 150 is: 10.1.1.2 --> gw 10.1.1.254 --> wan.1 10.1.50.1 --> wan.2 10.1.60.1 --> wan.3 10.1.70.1 --> wan.3 10.1.80.1 --> wan.4 10.1.90.1 --> 10.1.2.0/24, the routing entry in the wan is 10.1.1.97 next hop 10.1.2.97, host 10.1.2.97 has secondary IP configured as 10.1.1.97, same for 150.

Thanks and appreciated.
 
Expert Comment by: arnold (LVL 76)
10.1.1.97/32 is routable on any system that has 10.1.1.0/24 since both are seen as local. Netmask mismatch would mean a response will not be forthcoming.

i.e 10.1.1.24/24 to access IP 10.1.197 will address the packet directly.  The Mask of the destination is of no consequence to the originating system.

Author Comment by: hairylots
Hello Arnold

Have you done /32 routing before? This works, if a more specific route as in /32 exists then a member of the /24 will not arp for destination, it will frame for gateway and pass off-net.
i.e. if a server member of the /24 connects to another host in the /24 where no more-specific route exists then the member server arps for the host MAC and frames the packet for local delivery, if the member server connects to a host that has a more specific route based on mask then it does not arp, it follows the next-hop of the more-specific route.

My question is not does /32 routing work, my question is how are the member servers of the /24 learning the /32 if:
  • There is no static /32 route on member servers in the /24
  • /32 route is not being learnt / assigned by DHCP option 121 or 249; Classless Static Routing
  • gateway router is not doing proxy arp

Expert Comment by: arnold (LVL 76)
Post your routing table.

The systems of the servers have

0.0.0.0 0.0.0.0 10.1.1.1
10.1.1.0 255.255.255.0 10.1.1.24
10.1.1.24 255.255.255.255 127.0.0.1
224.0.0.0
Is that the general idea of your routing network?

As far as the system on 10.1.1.24 is concerned the IPs 10.1.1.97 and 10.1.1.150 are local to it, i.e. it will not send the packet to the default router but will send it to the system directly.

You either have a DHCP configuration option that you push the route
10.1.1.97 255.255.255.255 10.1.1.1
10.1.1.150 255.255.255.255 10.1.1.45 for example

What is the routing table on the respective system that you say there is a /32?

Post the routing table from the systems 97,150 and the others.

Your /32 static route might be there for a specific purpose that is not conflicting nor causes issues with LAN communications.

I've configured firewalls/VPNs that use a local LAN IP to map through the VPN to the remote system.

This is done for an application that only allows a single IP access (NAT THE VPN IP)

As far as arp, get Wireshark or the MS Network Monitor tool and capture LAN traffic.

You will see an RARP event who has 10.1.1.97 or 10.1.1.150 and you will see a response.

The possibility is also that 10.1.1.10 sends a packet directly to 10.1.1.97 that responds via its default gateway.

Expert Comment by: pergr (LVL 17)
For proxy-arp on the router; I believe that as long as the router has routes for the remote /32 hosts, it will reply to the arp requests on the interfaces with the /24, even if the /32 are not directly connected.

Author Comment by: hairylots
Hello Arnold, pergr

Here is the output of the ipconfig, route print and arp -a
The issue is with the route to 10.1.2.200/32
The host this information has been collected on is in the 10.1.2.0/24 network local ip 10.1.2.12/24.
The 10.1.2.200/32 is a sub interface on a host that is 5 networks away, main IP on remote host is 10.1.11.200/24, sub interface 10.1.2.200/32.

>> ipconfig /all # removed unused interfaces, note DHCP not enabled

Windows IP Configuration

   Host Name . . . . . . . . . . . . : <removed>
   Primary Dns Suffix  . . . . . . . : <removed>
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : <removed>

Ethernet adapter Wired:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom BCM5709C NetXtreme II GigE (NDIS VBD Client) #53
   Physical Address. . . . . . . . . : 34-40-B5-D7-A3-48
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::f8cf:6226:cdab:80bc%13(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.1.2.12(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.1.2.254
   DHCPv6 IAID . . . . . . . . . . . : 271859893
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-B9-6A-5A-36-40-B5-FC-91-EB
   DNS Servers . . . . . . . . . . . : 10.1.2.1
                                       10.1.3.1
   NetBIOS over Tcpip. . . . . . . . : Enabled


>> route print # note no entry for 10.1.2.200/32, note no persistent routes

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     10.1.2.254      10.1.2.12    266
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
       10.1.2.0    255.255.255.0         On-link       10.1.2.12    266
      10.1.2.12  255.255.255.255         On-link       10.1.2.12    266
     10.1.2.255  255.255.255.255         On-link       10.1.2.12    266
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       10.1.2.12    266
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       10.1.2.12    266
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0     10.1.2.254  Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 13    266 fe80::/64                On-link
 13    266 fe80::f8cf:6226:cdab:80bc/128
                                    On-link
  1    306 ff00::/8                 On-link
 13    266 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None


>> arp -a # show arp entry for 10.1.2.200

Interface: 10.1.2.12 --- 0xd
  Internet Address      Physical Address      Type
  10.1.2.8            00-15-5d-05-e5-02     dynamic  
  10.1.2.200          00-00-0c-07-ac-01     dynamic  
  10.1.2.254          00-00-0c-07-ac-01     dynamic  
  10.1.2.255          ff-ff-ff-ff-ff-ff     static    
  224.0.0.22            01-00-5e-00-00-16     static    
  224.0.0.252           01-00-5e-00-00-fc     static    
  224.1.1.1             01-00-5e-01-01-01     static    
  255.255.255.255       ff-ff-ff-ff-ff-ff     static    

>> deleted arp entry for 10.1.2.200

Interface: 10.1.2.12 --- 0xd
  Internet Address      Physical Address      Type
  10.1.2.8            00-15-5d-05-e5-02     dynamic  
  10.1.2.254          00-00-0c-07-ac-01     dynamic  
  10.1.2.255          ff-ff-ff-ff-ff-ff     static    
  224.0.0.22            01-00-5e-00-00-16     static    
  224.0.0.252           01-00-5e-00-00-fc     static    
  224.1.1.1             01-00-5e-01-01-01     static    
  255.255.255.255       ff-ff-ff-ff-ff-ff     static    

>> tracert -d 10.1.2.200
Tracing route to 10.1.2.200 over a maximum of 30 hops
  1    <1 ms    <1 ms    <1 ms  10.1.2.253
  2     1 ms     1 ms     1 ms  10.3.4.201
  3     2 ms     1 ms     1 ms  10.3.4.249
  4     5 ms     5 ms     5 ms  10.3.4.250
  5     5 ms     5 ms     5 ms  10.1.11.200
  5     5 ms     5 ms     5 ms  10.1.2.200
Trace complete.
>> note 10.1.2.200 exists in same network as 10.1.11.200, 10.1.2.200 is sub interface on 10.1.11.200

>> tracert -d 10.1.11.200
Tracing route to 10.1.11.200 over a maximum of 30 hops
  1    <1 ms    <1 ms    <1 ms  10.1.2.253
  2     1 ms     1 ms     1 ms  10.3.4.201
  3     2 ms     1 ms     1 ms  10.3.4.249
  4     5 ms     5 ms     5 ms  10.3.4.250
  5     5 ms     5 ms     5 ms  10.1.11.200
Trace complete.

>> arp -a # shows mac relearnt after tracert from gateway

Interface: 10.1.2.12 --- 0xd
  Internet Address      Physical Address      Type
  10.1.2.8            00-15-5d-05-e5-02     dynamic  
  10.1.2.200          00-00-0c-07-ac-01     dynamic  
  10.1.2.254          00-00-0c-07-ac-01     dynamic  
  10.1.2.255          ff-ff-ff-ff-ff-ff     static    
  224.0.0.22            01-00-5e-00-00-16     static    
  224.0.0.252           01-00-5e-00-00-fc     static    
  224.1.1.1             01-00-5e-01-01-01     static    
  255.255.255.255       ff-ff-ff-ff-ff-ff     static    

===================
attempting to use wireshark and detect RARP.

Expert Comment by: pergr (LVL 17)
Seems clear the router is doing proxy ARP.

Author Comment by: hairylots
Hello pergr, Arnold

Thanks for the discussion and input.

What I have learnt today:
1) Using Wireshark the routers are definitely performing proxy arp. This is quite interesting, first "Telco said cannot do that, it does not work ....", second the /32 route for 10.1.2.200 is actually configured in the router located at 10.3.4.250, but it is the router located at 10.1.2.253 that is doing the proxy arp.
Note that router 10.1.2.253 is not configured for proxy arp.

2) Next interesting fact, core network is using BGP, if host 10.1.11.200 is not responding to network requests then the route for 10.1.2.200/32 will not propagate from router 10.3.4.250, so router 10.1.2.253 loses the /32 route and does not proxy arp.

All good now, know how it is working.
0
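
The check this thread converges on, as an added example that is not from any of the posters: parse Windows `arp -a` output and list on-link addresses whose entry carries the default gateway's MAC, which is how proxy ARP showed up for 10.1.2.200. The function names are hypothetical and the sample is trimmed from the output posted above; it also generalises to any MAC claimed by several dynamic entries, which is worth the same look when nobody expects proxy ARP.

```python
import ipaddress
import re
from collections import defaultdict

# Sample input: trimmed from the `arp -a` output posted in the thread.
ARP_OUTPUT = """\
Interface: 10.1.2.12 --- 0xd
  Internet Address      Physical Address      Type
  10.1.2.8            00-15-5d-05-e5-02     dynamic
  10.1.2.200          00-00-0c-07-ac-01     dynamic
  10.1.2.254          00-00-0c-07-ac-01     dynamic
  10.1.2.255          ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

ENTRY = re.compile(
    r"^\s*(\d+\.\d+\.\d+\.\d+)\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+(\w+)",
    re.I | re.M)

def parse_arp(text):
    """Return [(ip, mac, type)] for every entry line in `arp -a` output."""
    return [(ipaddress.ip_address(ip), mac.lower(), kind.lower())
            for ip, mac, kind in ENTRY.findall(text)]

def proxied_hosts(text, subnet, gateway):
    """On-link dynamic entries that resolve to the gateway's MAC.

    A host inside `subnet` normally answers ARP with its own MAC. When the
    entry carries the gateway's MAC, the gateway is answering on its behalf.
    """
    net = ipaddress.ip_network(subnet)
    gw = ipaddress.ip_address(gateway)
    entries = parse_arp(text)
    gw_mac = next((mac for ip, mac, _ in entries if ip == gw), None)
    if gw_mac is None:
        return []  # gateway not in the cache yet, nothing to compare with
    return [str(ip) for ip, mac, kind in entries
            if kind == "dynamic" and ip in net and ip != gw and mac == gw_mac]

def shared_macs(text):
    """Map each MAC held by more than one dynamic entry to its IPs."""
    by_mac = defaultdict(list)
    for ip, mac, kind in parse_arp(text):
        if kind == "dynamic":
            by_mac[mac].append(str(ip))
    return {mac: ips for mac, ips in by_mac.items() if len(ips) > 1}

if __name__ == "__main__":
    print(proxied_hosts(ARP_OUTPUT, "10.1.2.0/24", "10.1.2.254"))
    print(shared_macs(ARP_OUTPUT))
```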
